EmbDev.net

Forum: µC & Digital Electronics

Set callback to validate a server certificate // security protocol used in a HTTP GET request


by Sam (Guest)


Hello all together,

I am trying to program an ESP8266 with the Arduino IDE. With the help of 
https://randomnerdtutorials.com/esp8266-nodemcu-http-get-post-arduino/ I 
created a so-called sketch which sends an HTTP GET request to a 
WebService running on a server:
#include <ESP8266WiFi.h>
#include <ESP8266HTTPClient.h>
#include <WiFiClient.h>

const char* ssid = "MyWiFiName";
const char* password = "MyWifiPassword";

//My Domain name with URL path or IP address with path
String serverName = "http://192.168.200.123:55558/api/DBGeraetestatus";

// the following variables are unsigned longs because the time, measured in
// milliseconds, will quickly become a bigger number than can be stored in an int.
unsigned long lastTime = 0;
// Timer set to 10 minutes (600000)
unsigned long timerDelay = 600000;
// Set timer to 5 seconds (5000)
//unsigned long timerDelay = 5000;

void setup() {
  Serial.begin(115200);

  WiFi.begin(ssid, password);
  Serial.println("Connecting");
  while(WiFi.status() != WL_CONNECTED) {
    delay(500);
    Serial.print(".");
  }
  Serial.println("");
  Serial.print("Connected to WiFi network with IP Address: ");
  Serial.println(WiFi.localIP());

  Serial.println("Timer set to 5 seconds (timerDelay variable), it will take 5 seconds before publishing the first reading.");
}

void loop() {
  //Send an HTTP GET request every 10 minutes
  if ((millis() - lastTime) > timerDelay) {
    //Check WiFi connection status
    if(WiFi.status()== WL_CONNECTED){
      HTTPClient http;

      String serverPath = serverName + "?filter=ipadresse&value=192.168.200.244";

      // My Domain name with URL path or IP address with path
      http.begin(serverPath.c_str());

      // Send HTTP GET request
      int httpResponseCode = http.GET();

      if (httpResponseCode>0) {
        Serial.print("HTTP Response code: ");
        Serial.println(httpResponseCode);
        String payload = http.getString();
        Serial.println(payload);
      }
      else {
        Serial.print("Error code: ");
        Serial.println(httpResponseCode);
      }
      // Free resources
      http.end();
    }
    else {
      Serial.println("WiFi Disconnected");
    }
    lastTime = millis();
  }
}

The answer is always a JSON which contains a 4 digit code.

The WebService on the server itself sends another HTTP GET request to a 
special machine, but by attaching NetworkCredentials (username + 
password) and setting on the one hand the 
ServerCertificateValidationCallback to validate a server certificate and 
on the other hand the security protocol used by the ServicePoint objects 
which the ServicePointManager object manages. Please see the following 
C# code:
private string getPinFromWebservice(string ip)
{
    Uri.TryCreate(string.Format(Constants.generatePinPath, ip), UriKind.Absolute, out requestUri);

    var request = HttpWebRequest.Create(requestUri);
    request.ContentType = "application/json";
    request.Method = "GET";

    NetworkCredential nc = new NetworkCredential("MyNetworkCredentialName", "MyNetworkCredentialPassword");
    CredentialCache cache = new CredentialCache();
    cache.Add(requestUri, "Basic", nc);
    cache.Add(requestUri, "NTLM", nc);
    request.Credentials = cache;

    ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

    using (HttpWebResponse response = request.GetResponse() as HttpWebResponse)
    {
        using (StreamReader reader = new StreamReader(response.GetResponseStream()))
        {
            var json = reader.ReadToEnd();
            return System.Text.RegularExpressions.Regex.Replace(json, @"[^0-9]", "").ToString();
        }
    }
}

I found out that
http.setAuthorization(user, password);
adds basic auth and HttpClient could theoretically handle https, but may 
require a certificate as parameter of
begin();
(Source: 
https://github.com/esp8266/Arduino/blob/5d2563eee98ae116dc3d4b6bc14225efb3c85098/libraries/ESP8266HTTPClient/src/ESP8266HTTPClient.h#L153)

Is it possible to set ServerCertificateValidationCallback and the 
SecurityProtocol in Arduino/C as well? So could this C# code somehow be 
translated so that it runs on my ESP8266? The goal is to skip the server, 
send the request directly via https and with attached NetworkCredentials 
to this special machine and get this 4 digit code to unlock this 
special machine.

Thanks in advance for every answer and help effort.

Best regards
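
Added example, not part of the original post: one way the two C# settings map onto the ESP8266 Arduino core, where BearSSL::WiFiClientSecure decides which certificate is accepted (here a pinned fingerprint) and which TLS versions are offered. The URL path and the fingerprint are placeholders, and fetchPin is a hypothetical helper name.

```arduino
#include <ESP8266WiFi.h>
#include <ESP8266HTTPClient.h>
#include <WiFiClientSecure.h>

const char* ssid = "MyWiFiName";
const char* password = "MyWifiPassword";

// Placeholders (assumptions): machine URL and the SHA-1 fingerprint of its certificate.
const char* machineUrl = "https://192.168.200.244/PLACEHOLDER-PATH";
const char* machineFingerprint =
    "00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF 00 11 22 33";  // constructed value

String fetchPin() {
  BearSSL::WiFiClientSecure client;
  // Counterpart of ServerCertificateValidationCallback: accept only the pinned
  // certificate. setInsecure() would accept any, like "delegate { return true; }".
  client.setFingerprint(machineFingerprint);
  // Counterpart of ServicePointManager.SecurityProtocol: offer TLS 1.2 only.
  client.setSSLVersion(BR_TLS12, BR_TLS12);
  HTTPClient http;
  String pin;
  if (!http.begin(client, machineUrl)) {
    Serial.println("Invalid URL");
    return pin;
  }
  // Sends an HTTP Basic Authorization header; NTLM is not available here.
  http.setAuthorization("MyNetworkCredentialName", "MyNetworkCredentialPassword");
  int code = http.GET();
  if (code == HTTP_CODE_OK) {
    String json = http.getString();
    // Keep digits only, as the C# Regex.Replace(json, "[^0-9]", "") does.
    for (size_t i = 0; i < json.length(); i++) {
      if (isDigit(json[i])) pin += json[i];
    }
  } else {
    char err[80] = "";
    client.getLastSSLError(err, sizeof(err));  // empty if the failure was not TLS
    Serial.printf("GET failed: %d, TLS error: %s\n", code, err);
  }
  http.end();
  return pin;
}

void setup() {
  Serial.begin(115200);
  WiFi.begin(ssid, password);
  while (WiFi.status() != WL_CONNECTED) delay(500);
  Serial.println(fetchPin());
}
void loop() {}
```

A fingerprint mismatch makes the handshake fail, so GET() returns a negative code and no credentials are sent to an unexpected server.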
